Department of Public Works and Highways Reportedly Targeted by Bashe Ransomware (APT73) in Suspected Data Breach
The Department of Public Works and Highways (DPWH) has reportedly been targeted in a ransomware incident attributed to Bashe Ransomware (APT73), based on a leak site entry circulating online. The threat actor, identified as Bashe, also known as APT73 claims to have compromised the agency’s systems and exfiltrated approximately 50 GB of data.
According to the listing, the allegedly stolen data includes internal documents, email communications with attachments, contact lists, financial records, and personal information. A countdown timer displayed on the leak page suggests a limited window for the victim to respond before the data is either publicly released or made available for purchase. The threat actor is also offering the dataset to potential buyers, indicating a dual extortion approach commonly observed in ransomware operations.
The leak entry further outlines instructions for the affected organization to initiate contact, warning that once a “download” option becomes available, the data will be publicly accessible. Additionally, the group claims that payment would result in the deletion of stolen files and provision of decryption tools, a standard assurances frequently used in ransomware negotiations, though these claims remain under verification.
Sample files published alongside the listing appear to include sensitive documents such as identification cards, academic transcripts, and official certificates, suggesting potential exposure of personally identifiable information. These samples are typically used by threat actors to substantiate their claims.
At the time of writing, the incident is under verification, and no official statement has yet been released by the Department of Public Works and Highways regarding the reported breach. Further validation efforts are ongoing to determine the authenticity and potential impact of the claims associated with Bashe Ransomware (APT73).
